Log analysis and evaluation: PC Performer (Log-Files) | Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.05.2013, 21:38 | #1 |
PC Performer (Log-Files)

Hello dear Trojaner-Board, I have here the PC of a work colleague of my father's, who unfortunately browses the Internet with little know-how and has therefore picked up PC Performer. The installed virus scanner is Avira (Free Edition), and the virus definition files are always kept up to date; nevertheless, something apparently got through. First I tried Malwarebytes, as described here on the board in a general thread about PCPerformer. I did remove 6 findings, but they were apparently a different piece of malware. That is to say: after a restart, PC Performer is happily running again. So I worked through the list "For everyone seeking help! What do I need to consider before opening a thread?" and this is what came out:

OTL.txt:
Code:
ATTFilter OTL logfile created on: 5/20/2013 10:06:13 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.96 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 73.27% Memory free 11.92 Gb Paging File | 10.21 Gb Available in Paging File | 85.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.37 Gb Total Space | 698.95 Gb Free Space | 76.11% Space Free | Partition Type: NTFS Drive D: | 13.05 Gb Total Space | 0.16 Gb Free Space | 1.25% Space Free | Partition Type: NTFS Computer Name: JUTTA | User Name: 2****2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/20 20:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/06 11:27:54 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/03/31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013/03/29 09:28:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/03/29 09:28:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013/03/11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012/09/10 16:06:26 | 000,372,736 | ---- | M] (Secure Banking) -- C:\Program Files (x86)\Secure Banking\SecureBanking.exe PRC - [2012/09/07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/06/18 01:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - 
[2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2009/10/01 06:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/10/01 06:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013/05/16 09:38:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/16 09:38:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/16 09:38:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/04/24 10:26:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/04/24 10:26:51 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/04/24 10:26:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - 
[2013/04/24 10:26:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/04/24 10:25:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/04/24 10:25:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013/03/22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012/09/07 17:30:34 | 000,002,560 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe MOD - [2012/09/07 17:30:22 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\SecureBanking.dll MOD - [2012/09/05 20:49:54 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\funcs.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/17 00:22:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010/11/13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/06/18 02:10:06 | 001,700,920 | ---- | M] () -- C:\Users\****\AppData\Roaming\PictureMover\DE-DE\Presentation.dll MOD - [2010/06/18 02:00:10 | 012,286,520 | ---- | M] () -- C:\Users\****\AppData\Roaming\PictureMover\Bin\Core.dll MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe MOD - [2009/07/14 03:15:45 | 
000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll ========== Services (SafeList) ========== SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/05/15 22:44:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/13 11:49:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/08 11:36:56 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack) SRV - [2013/03/29 09:28:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/03/29 09:28:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013/03/11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/10/01 06:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/10/01 06:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] 
(Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/03/29 09:28:39 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/03/29 09:28:39 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/03/29 09:28:39 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | 
M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CF7C2389-9B7C-4EF4-B2A2-B5E65CFB6C2F} IE:64bit: - HKLM\..\SearchScopes\{B889F3FF-D1DC-4B7A-BF65-032AC8FC7A2B}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{CF7C2389-9B7C-4EF4-B2A2-B5E65CFB6C2F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{FD21AECC-8C1B-40FB-A01C-A0102883F5B3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {CF7C2389-9B7C-4EF4-B2A2-B5E65CFB6C2F} IE - HKLM\..\SearchScopes\{B889F3FF-D1DC-4B7A-BF65-032AC8FC7A2B}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{CF7C2389-9B7C-4EF4-B2A2-B5E65CFB6C2F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{FD21AECC-8C1B-40FB-A01C-A0102883F5B3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3930111990-3464362033-339816197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\..\SearchScopes,DefaultScope = {CF7C2389-9B7C-4EF4-B2A2-B5E65CFB6C2F} IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\..\SearchScopes\{B889F3FF-D1DC-4B7A-BF65-032AC8FC7A2B}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\..\SearchScopes\{CF7C2389-9B7C-4EF4-B2A2-B5E65CFB6C2F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\..\SearchScopes\{FD21AECC-8C1B-40FB-A01C-A0102883F5B3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=119649&babsrc=HP_ss&mntrId=A6776C626D761FD1 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119649&babsrc=HP_ss&mntrId=A6776C626D761FD1 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - 
HKU\S-1-5-21-3930111990-3464362033-339816197-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119649&babsrc=SP_ss&mntrId=A6776C626D761FD1 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\..\SearchScopes\{E99B1A7E-0CAA-4DAB-A7E5-C9DE02E3F1FF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=DF01D04F-9165-46D9-9130-4DCA5A5B8685&apn_sauid=C85A7ABD-E0EA-4203-AD93-6D93307030DF IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.23.100013 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js..browser.search.defaultenginename: "Google" FF - user.js..browser.search.selectedEngine: "Google" FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 11:49:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 11:49:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/17 12:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2****2\AppData\Roaming\mozilla\Extensions [2013/04/23 20:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2****2\AppData\Roaming\mozilla\Firefox\Profiles\g8vnyeqf.default\extensions [2013/04/23 20:41:21 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\2****2\AppData\Roaming\mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\ffxtlbr@delta.com [2013/04/23 20:44:47 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\2****2\AppData\Roaming\mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\speedanalysis02@SpeedAnalysis.com [2013/04/06 12:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2****2\AppData\Roaming\mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\staged [2013/05/05 19:02:29 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\2****2\AppData\Roaming\mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\toolbar@ask.com [2013/04/06 12:20:43 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\2****2\AppData\Roaming\mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\toolbar@web.de [2013/04/06 12:20:41 | 000,542,511 | ---- | M] () (No name found) -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\extensions\toolbar@web.de.xpi [2013/05/15 22:19:28 | 000,002,412 | ---- | M] () -- 
C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\askcom.xml [2013/05/04 16:55:12 | 000,002,306 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\askcomsearch.xml [2013/05/01 13:45:38 | 000,006,473 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\babylon.xml [2012/10/09 12:01:33 | 000,002,546 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\browsemngr.xml [2013/05/01 13:45:38 | 000,006,473 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\BrowserProtect.xml [2013/04/23 20:44:56 | 000,001,294 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\delta.xml [2012/10/26 18:17:15 | 000,003,576 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\mozilla\firefox\profiles\g8vnyeqf.default\searchplugins\Google.xml [2013/03/01 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/11 15:58:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/10/24 04:29:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/11/27 11:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2012/11/27 11:41:31 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de [2013/04/13 11:49:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/03/10 12:04:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2013/04/23 20:44:50 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013/03/10 12:04:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/03/10 12:04:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013/03/10 12:04:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013/03/10 12:04:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013/03/10 12:04:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - Extension: No name found = C:\Users\2****2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.0\ CHR - Extension: No name found = C:\Users\2****2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\2****2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3\ CHR - Extension: No name found = C:\Users\2****2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program 
Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Speed Analysis 2) - {18DBB6CE-3148-4FEC-B481-103CB3290427} - C:\Program Files (x86)\Speed Analysis 2\ScriptHost.dll (SpeedAnalysis.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3930111990-3464362033-339816197-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3930111990-3464362033-339816197-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3930111990-3464362033-339816197-1001..\Run: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-3930111990-3464362033-339816197-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-3930111990-3464362033-339816197-1001..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\2****2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{883D51EF-5052-4398-8142-BF64612C824E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 20:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013/05/20 20:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2013/05/20 15:41:50 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Malwarebytes
[2013/05/20 15:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/20 15:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/20 15:41:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/20 15:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/16 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Gaijin Ent
[2013/05/16 12:26:12 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Local\STARGAZE_IMAGE_CACHE
[2013/05/16 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\TMInc
[2013/05/15 17:02:58 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\SprillBermudeEng
[2013/05/15 15:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamantris 2
[2013/05/15 15:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diamantris 2
[2013/05/15 14:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match 3 - Diamantris
[2013/05/15 14:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2013/05/14 17:52:39 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\CaribbeanJewel
[2013/05/10 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\2****2\Documents\Sizilien 2013
[2013/05/06 11:28:18 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/04 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/01 08:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/05/01 08:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/05/01 08:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup 3.0
[2013/05/01 08:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2013/04/30 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2013/04/30 16:36:39 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Local\PC_Drivers_Headquarters
[2013/04/30 16:36:32 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\PCCUStubInstaller
[2013/04/30 16:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Restore
[2013/04/30 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Restore
[2013/04/30 16:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Restore
[2013/04/30 01:12:46 | 000,000,000 | ---D | C] -- C:\Users\2****2\Documents\Exp_Saves_2
[2013/04/27 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\T1 Games
[2013/04/24 12:17:04 | 000,000,000 | ---D | C] -- C:\Users\2****2\Documents\OuttaThisKingdom_Replay
[2013/04/23 20:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013/04/23 20:46:00 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
[2013/04/23 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\PerformerSoft
[2013/04/23 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/04/23 20:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/04/23 20:45:29 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/04/23 20:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013/04/23 20:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer
[2013/04/23 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013/04/23 20:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/04/23 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\player
[2013/04/23 20:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPerformer
[2013/04/23 20:44:46 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\SpeedAnalysis2
[2013/04/23 20:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speed Analysis 2
[2013/04/23 20:44:34 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\File Scout
[2013/04/23 20:41:30 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/04/23 20:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/04/23 20:41:24 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\BabSolution
[2013/04/23 20:41:21 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Delta
[2013/04/23 20:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/04/23 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Optimizer Pro
[2013/04/23 20:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013/04/23 20:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013/04/23 20:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/04/23 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\Babylon
[2013/04/23 08:52:17 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Roaming\FarmMystery
[2013/04/21 19:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/21 17:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/04/21 17:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/04/21 16:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/21 16:18:32 | 000,000,000 | ---D | C] -- C:\Users\2****2\AppData\Local\Google

========== Files - Modified Within 30 Days ==========

[2013/05/20 22:02:20 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 22:02:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 22:01:58 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 21:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/20 20:59:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 20:56:54 | 000,000,000 | ---- | M] () -- C:\Users\2****2\defogger_reenable
[2013/05/20 20:45:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 20:45:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:43:33 | 000,697,292 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/20 15:43:33 | 000,652,610 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/20 15:43:33 | 000,148,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/20 15:43:33 | 000,121,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/20 15:43:32 | 001,614,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/20 15:41:40 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/17 15:52:17 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013/05/16 09:36:36 | 000,432,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/14 09:52:02 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor2****2.job
[2013/05/06 11:28:07 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/04/30 16:35:57 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Driver Restore.lnk
[2013/04/30 03:21:39 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 03:21:39 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/24 08:37:24 | 001,591,882 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/24 08:21:39 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013/04/23 20:45:32 | 000,001,064 | ---- | M] () -- C:\Users\2****2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/23 20:45:10 | 000,002,599 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013/04/21 19:09:43 | 000,002,013 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/21 17:54:55 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/05/20 20:56:54 | 000,000,000 | ---- | C] () -- C:\Users\2****2\defogger_reenable
[2013/05/20 15:41:40 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/30 16:35:57 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Driver Restore.lnk
[2013/04/30 03:21:39 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 03:21:39 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/26 15:15:14 | 000,114,176 | ---- | C] () -- C:\Users\2****2\AppData\Roaming\BabMaint.exe
[2013/04/23 20:45:45 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013/04/23 20:45:42 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013/04/23 20:45:32 | 000,001,064 | ---- | C] () -- C:\Users\2****2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/23 20:45:10 | 000,002,599 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013/04/21 17:51:10 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/21 16:18:38 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/23 12:09:12 | 000,009,013 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/17 13:34:34 | 001,591,882 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/17 13:03:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/17 11:02:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/08/17 00:01:34 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/25 10:57:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\3 Days Zoo Mystery
[2013/04/14 18:44:55 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\8floor
[2012/12/27 12:12:47 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Absolutist
[2012/05/16 23:51:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Alawar
[2012/07/12 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Alawar Entertainment
[2012/10/20 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Alawar Stargaze
[2013/05/06 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\AlawarEntertainment
[2012/11/26 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\AlexanderTheGreat
[2012/08/16 17:21:08 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Amaranth Games
[2012/09/15 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Amulet_of_time
[2012/07/14 18:35:35 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Anabel
[2012/11/04 05:01:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Angler
[2012/05/27 13:23:58 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Artifex Mundi
[2012/09/16 17:57:01 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Ascaron Entertainment
[2012/06/08 10:28:19 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\AtlanticJourney
[2012/12/10 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Awem
[2012/07/15 13:12:14 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\AzuazGames
[2013/04/23 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\BabSolution
[2013/04/23 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Babylon
[2012/04/10 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\BanzaiInteractive
[2012/08/25 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Be a King 2
[2012/05/11 09:33:24 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Between The Worlds 2
[2012/06/30 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Big Finish
[2012/11/05 22:25:23 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\BlooBuzzStudios
[2012/12/28 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\BloodTies
[2012/05/21 13:09:07 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Boolat Games
[2013/04/12 10:14:04 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Building the Great Wall of China Collectors Edition
[2012/09/16 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\BVS Solitaire Collection
[2013/03/30 01:59:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\calibre
[2011/10/25 10:58:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Canon
[2013/05/14 17:52:39 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\CaribbeanJewel
[2012/03/13 18:10:28 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\casualArts
[2013/02/16 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\cerasus.media
[2012/04/12 04:44:33 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Crown
[2012/04/04 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\CursedOnboard
[2012/03/24 15:03:43 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Daedalic Entertainment
[2012/04/03 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2012/11/21 04:54:37 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\DAVA
[2012/12/20 05:04:51 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Deep Shadows
[2013/04/23 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Delta
[2012/03/12 19:21:58 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\DieselPuppet
[2012/05/19 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\DivoGames
[2012/12/18 16:18:24 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\DominiGames
[2012/09/16 10:51:56 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\DragonsEye Studios
[2012/04/13 09:33:05 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Dying for Daylight
[2012/04/13 09:33:27 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Dying for Daylight Shared
[2012/04/19 19:55:26 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\EnchantedCavern
[2012/03/23 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\EnchantedCavern2
[2012/04/11 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Enlightenus_iWin
[2012/11/17 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\EntwinedSoD
[2012/04/01 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\EscapeTheMuseum2
[2012/07/15 09:47:15 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\FamilyVacationCalifornia
[2013/04/23 10:18:01 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\FarmMystery
[2012/05/24 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\FBI
[2013/04/23 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\File Scout
[2013/01/29 11:23:54 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Flood Light Games
[2013/01/22 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Floodlight Games
[2012/01/31 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\FloodLightGames
[2012/10/28 12:38:57 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Freeze Tag
[2012/05/08 20:58:27 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Freezetag
[2013/03/27 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Friday's games
[2012/09/17 04:05:54 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Frogwares
[2012/05/06 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\funkitron
[2012/07/12 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Funlinker
[2012/03/21 23:40:39 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Funswitch
[2013/01/25 15:37:07 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Fuzzy Bug Interactive
[2013/05/16 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Gaijin Ent
[2013/03/23 04:45:53 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Game
[2012/07/14 17:38:52 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GameHouse
[2012/12/24 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GameInvest
[2012/10/19 17:29:20 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GameMill
[2012/03/26 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GamersDigital
[2012/06/09 10:14:33 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Games
[2012/10/03 12:05:56 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GestaltGames
[2012/09/05 14:22:39 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GFI
[2012/06/09 10:50:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GO Games
[2013/01/11 14:26:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\gogii
[2013/03/21 17:49:26 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Gogii Games
[2012/05/08 14:16:40 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\GuardiansOfMagic
[2012/03/21 23:32:17 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Happy Muffin Top
[2012/11/08 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\HdO Adventure
[2012/12/27 21:43:31 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\HeadRightGames
[2012/11/17 16:31:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Hidden Objects Adventure
[2012/10/25 04:31:59 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Hidden Objects Petrodollars
[2012/10/21 16:41:20 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Hidden Objects Romance
[2013/02/21 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\HipSoft
[2013/01/22 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Hoyle Casino Vol. 1
[2013/01/22 13:56:50 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Hoyle FaceCreator
[2012/03/08 10:36:43 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\iMaxGen
[2012/11/27 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Inertia Game Studios
[2012/05/21 12:53:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\IronCode
[2012/04/22 04:09:41 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Islands
[2012/12/14 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\island_tribe_4_realore_wild_tangent_en
[2012/03/02 16:42:23 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\iWin
[2012/07/12 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\iWinG
[2012/03/22 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\JaiboGames
[2013/05/16 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Jewel Match 3
[2013/04/03 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\JewelMatch2
[2012/12/24 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\JoyBits
[2012/05/21 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\kingdom
[2013/03/26 22:32:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Legacy Games
[2012/05/12 10:26:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\LegacyGames
[2012/07/13 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\LegacyInteractive
[2012/06/04 23:46:28 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\LittleGamesCompany
[2012/04/06 12:12:21 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Magic Academy
[2012/06/23 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Magic Academy 2
[2012/05/20 17:29:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Magic3
[2013/02/23 18:41:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\MagicIndie
[2012/03/22 07:21:10 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\margrave3_full
[2012/03/24 15:14:26 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\md studio
[2013/04/04 11:09:11 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Meridian93
[2013/02/06 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Merscom
[2013/03/14 14:31:33 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\MumboJumbo
[2012/06/01 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\My Games
[2012/05/28 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2012/03/11 13:45:16 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Mystery of Mortlake Mansion
[2012/07/15 13:05:41 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\MysteryStudio
[2012/04/27 12:56:12 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\NevoSoft
[2013/03/27 13:31:29 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\NevoSoft Games
[2013/04/18 09:00:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Nitreal Games
[2012/10/26 10:58:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\northerntale_wildtangent_en
[2012/03/24 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Old Castle
[2013/04/23 20:41:15 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Optimizer Pro
[2012/04/04 01:34:09 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Paige Harper and the Tome of Mystery
[2013/04/30 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PCCUStubInstaller
[2012/04/23 17:03:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Peace Craft
[2012/04/25 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PeaceCraft2
[2012/04/28 16:44:03 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PeaceCraft3
[2013/04/23 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PerformerSoft
[2012/04/12 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Phantasmat_wildgames_se
[2013/03/02 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Pi Eye Games
[2011/09/17 12:21:19 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PictureMover
[2012/05/03 15:43:28 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Pirateville
[2012/10/20 13:25:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PlataGames
[2013/04/23 20:45:10 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\player
[2013/05/16 14:48:15 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PlayFirst
[2013/02/23 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\playmink
[2013/03/06 12:12:10 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Playrix Entertainment
[2012/10/09 12:11:44 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PlayWay
[2013/01/23 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PoBros
[2012/05/31 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\PopCap Games
[2012/11/07 11:24:54 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Princess Isabella
[2012/05/30 10:14:53 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\quickclick
[2012/04/01 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Quirky Games
[2013/01/13 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Rainbow
[2012/08/24 11:04:36 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\rokapublish
[2013/02/16 19:00:19 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Rumbic Studio
[2012/04/03 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Saved Games
[2012/05/02 08:42:39 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Settlement. Colossus
[2013/01/31 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Silverback Games
[2012/12/16 17:03:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Silverback Productions
[2012/06/02 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Sleepwalker Games
[2012/09/21 11:01:25 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\SMIGames
[2012/09/03 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\SoftGrid Client
[2013/04/23 20:44:47 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\SpeedAnalysis2
[2013/01/24 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\SpinTop Games
[2013/05/15 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\SprillBermudeEng
[2013/04/27 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\T1 Games
[2013/04/06 12:42:58 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\TFS2
[2013/01/07 19:39:22 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\The Curse of the Werewolves
[2012/04/09 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\The Inquisitor
[2012/10/19 17:26:29 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\The Legend Of Rome II
[2013/01/23 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\TheFixerUpper
[2012/12/24 01:47:59 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\ThreeDays2
[2013/05/16 11:12:47 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\TMInc
[2012/06/01 17:36:34 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\TOMI3
[2012/10/30 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\TOSST
[2012/07/14 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Total Eclipse
[2011/09/17 13:35:06 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\TP
[2013/03/01 16:47:48 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Trio
[2012/05/20 17:25:42 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\V-Games
[2012/11/05 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\ValuSoft
[2012/04/17 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\VampireSaga
[2012/04/01 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\VampireSagaHL
[2012/03/26 21:50:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Vast Studios
[2012/05/13 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WeatherLord
[2012/09/22 15:04:18 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WhiteBirdsProductions
[2012/04/21 18:36:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\Wild Tangent Islands2
[2012/05/10 04:12:50 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WildTangent
[2012/04/29 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WildTangent Roads Of Rome 3
[2012/04/20 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\wildtangentIslands3
[2012/03/18 13:52:36 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WildTangentv1000
[2012/03/15 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WildTangentv1001
[2012/04/15 15:21:49 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WildTangentv1002
[2012/03/14 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WildTangentv1006
[2012/09/15 14:32:12 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\wild_tangent_adelantado
[2011/10/23 14:23:37 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\WinBatch
[2012/08/18 07:18:45 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\World-Loom
[2012/08/15 18:35:40 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\wtallmygodsde
[2013/01/16 04:48:11 | 000,000,000 | ---D | M] -- C:\Users\2****2\AppData\Roaming\YoudaGames
[2012/05/29 09:03:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon [2013/04/25 10:33:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PerformerSoft [2011/09/17 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PictureMover ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720 < End of report >
OTL.exe does not produce an EXTRAS.txt for me at all, and Gmer.exe shows an error message after a while (see attachment). Thanks in advance, CH4OS |
21.05.2013, 06:36 | #2 |
/// Malwareteam / Visitor | PC Performer (Log-Files) Hi CH4OS
I am Smeenk and I will try to help you. System scan with ZOEK: Please download zoek.exe from here: http://hijackthis.nl/smeenk/
If possible, please post everything here in CODE tags: [code] Your log here [/code] |
25.05.2013, 14:47 | #3 |
| PC Performer (Log-Files) Hi Smeenk! Thanks for your help!
Here is the Zoek scan you requested: Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 22-May-2013 Tool run by [user2] on 25.05.2013 at 14:29:11,01. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected ==== Creating Sample__1434.zip ====================== Copied file C:\Users\[user2]\AppData\Roaming\BabMaint.exe to sample sample\BabMaint.exe renamed to CC1A55091FD96BCB624AD791CD15D179 C:\Users\Public\Desktop\sample__1434.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E99B1A7E-0CAA-4DAB-A7E5-C9DE02E3F1FF} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.bbDpng", "23"); user_pref("extensions.BabylonToolbar.cntry", "DE"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.dpkLst", ""); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.hdrMd5", "E42F492D6C94812C8E54E095AF60BB7B"); user_pref("extensions.BabylonToolbar.hmpg", false); user_pref("extensions.BabylonToolbar.id", "a67752d80000000000006c626d761fd1"); user_pref("extensions.BabylonToolbar.instlDay", "15622"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.0.712:01:22"); user_pref("extensions.BabylonToolbar.newTab", true); user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"64\",\"lastVrsn\":\"64\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", 
"babylon"); user_pref("extensions.BabylonToolbar.sg", "azb"); user_pref("extensions.BabylonToolbar.smplGrp", "azb"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a67752d80000000000006c626d761fd1&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.0.712:01:22"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.712:01:22"); ---- Lines BabylonToolbar modified from prefs.js ---- ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a67752d80000000000006c626d761fd1&q="); user_pref("extensions.BabylonToolbar.id", "a67752d80000000000006c626d761fd1"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.instlDay", "15622"); user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.712:01:22"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.admin", false); ---- Lines delta removed from prefs.js ---- user_pref("browser.search.order.1", "Delta Search"); 
user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "a67752d80000000000006c626d761fd1"); user_pref("extensions.delta.instlDay", "15818"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1620:44:56"); ---- Lines delta modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365846560535},\"{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\",\"mtime\":1347371897556},\"{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\",\"mtime\":1351045781001}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1366742482176},\"speedanalysis02@SpeedAnalysis.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\speedanalysis02@SpeedAnalysis.com\",\"mtime\":1366742687919},\"toolbar@ask.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1367912637189},\"toolbar@web.de\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\toolbar@web.de.xpi\",\"mtime\":1365243641245}}}]"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "a67752d80000000000006c626d761fd1"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15818"); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1620:44:56"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); 
user_pref("extensions.delta.newTab", false); ---- Lines conduit removed from prefs.js ---- user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); ---- Lines conduit modified from prefs.js ---- ---- Lines conduit removed from user.js ---- ---- Lines WebSearch removed from prefs.js ---- user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"https://websearch.ask.com\", \"hxxp://wiki.jeeves.ask.info\", \"69.147.125.65\", \"10.0.2.85\", \"sp.ask.com\", \"websearch.ask.com\", \"www.ask.com\", \"ask.com\"]"); ---- Lines WebSearch modified from prefs.js ---- ---- Lines WebSearch removed from user.js ---- ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com Search"); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar"); ---- Lines ask.com modified from prefs.js ---- user_pref("extensions.enabledAddons", "toolbar%40web.de:2.5,toolbar%40ask.com:3.15.23.100013,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1"); user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365846560535},\"{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\",\"mtime\":1347371897556},\"{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\",\"mtime\":1351045781001}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1366742482176},\"speedanalysis02@SpeedAnalysis.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\speedanalysis02@SpeedAnalysis.com\",\"mtime\":1366742687919},\"toolbar@ask.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1367912637189},\"toolbar@web.de\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\toolbar@web.de.xpi\",\"mtime\":1365243641245}}}]"); ---- Lines ask.com removed from user.js ---- ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.autofill-competitor-query-enabled", true); user_pref("extensions.asktb.cbid", "^U3"); user_pref("extensions.asktb.config-updated", false); user_pref("extensions.asktb.crumb", "2013.03.01+23.57.27-toolbar003iad-DE-S29ibGVueixHZXJtYW55"); user_pref("extensions.asktb.displaybehavior", ""); user_pref("extensions.asktb.displaytext", ""); user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE"); user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMSN1112"); user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); user_pref("extensions.asktb.ff19-config-first-run", "true"); user_pref("extensions.asktb.first-launch-url", "hxxp://survey.1und1.de/survey.php?survey=351704155209&nr=8081057&tid=3004"); user_pref("extensions.asktb.first-restart-after-config-update", true); 
user_pref("extensions.asktb.fresh-install", false); user_pref("extensions.asktb.keyword-toggled-in-session", false); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.last-config-req", "1368649168001"); user_pref("extensions.asktb.locale", "de_DE"); user_pref("extensions.asktb.location", "Koblenz,Germany"); user_pref("extensions.asktb.lstation", ""); user_pref("extensions.asktb.new-tab-opt-out", true); user_pref("extensions.asktb.news-native-on", true); user_pref("extensions.asktb.o", "100000027"); user_pref("extensions.asktb.oldVersion", "5.15.15.36191"); user_pref("extensions.asktb.overlay-reloaded-using-restart", true); user_pref("extensions.asktb.pstate", ""); user_pref("extensions.asktb.qsrc", "2871"); user_pref("extensions.asktb.r", "20"); user_pref("extensions.asktb.search-suggestions-enabled", true); user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); user_pref("extensions.asktb.socialmini-first", true); user_pref("extensions.asktb.socialmini-interval", "1200000"); user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); user_pref("extensions.asktb.socialmini-max-items", "30"); user_pref("extensions.asktb.socialmini-native-on", true); user_pref("extensions.asktb.socialmini-speed", "10000"); user_pref("extensions.asktb.socialmini-transition-first-open", false); user_pref("extensions.asktb.to", ""); user_pref("extensions.asktb.v", "3.15.23.100013"); user_pref("extensions.asktb.volume", ""); ---- Lines asktb modified from prefs.js ---- ---- Lines asktb removed from user.js ---- ---- Lines SpeedAnalysis removed from prefs.js ---- ---- Lines SpeedAnalysis modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365846560535},\"{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\",\"mtime\":1347371897556},\"{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\",\"mtime\":1351045781001}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1366742482176},\"speedanalysis02@SpeedAnalysis.com\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\speedanalysis02@SpeedAnalysis.com\",\"mtime\":1366742687919},\"toolbar@disabled\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\toolbar@disabled\",\"mtime\":1367912637189},\"toolbar@web.de\":{\"descriptor\":\"C:\\\\Users\\\\[user2]\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\g8vnyeqf.default\\\\extensions\\\\toolbar@web.de.xpi\",\"mtime\":1365243641245}}}]"); ---- Lines SpeedAnalysis removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user__1435_.backup prefs__1435_.backup ProfilePath: C:\Users\[user1]\AppData\Roaming\Mozilla\Firefox\Profiles\6y8ugz3q.default ---- Lines BabylonToolbar removed from prefs.js ---- ---- Lines BabylonToolbar modified from prefs.js ---- ---- Lines BabylonToolbar removed from user.js ---- ---- Lines delta removed from prefs.js ---- user_pref("browser.search.order.1", "Delta Search"); ---- Lines delta modified from prefs.js ---- ---- Lines delta removed from user.js ---- ---- Lines conduit removed from prefs.js ---- ---- Lines conduit modified 
from prefs.js ---- ---- Lines conduit removed from user.js ---- ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- ---- Lines WebSearch removed from user.js ---- ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); ---- Lines ask.com modified from prefs.js ---- ---- Lines ask.com removed from user.js ---- ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- Lines asktb modified from prefs.js ---- ---- Lines asktb removed from user.js ---- ---- Lines SpeedAnalysis removed from prefs.js ---- ---- Lines SpeedAnalysis modified from prefs.js ---- ---- Lines SpeedAnalysis removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user__1435_.backup prefs__1435_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Batch Command(s) Run By Tool====================== C:\Windows\System32\roboot64.exe deleted successfully ==== Deleting Files \ Folders ====================== "C:\Windows\SysNative\roboot64.exe" not found "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\delta.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not deleted "C:\Users\[user2]\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted "C:\Users\[user2]\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted "C:\Windows\tasks\PC Performer_DEFAULT.job" deleted "C:\Windows\tasks\PC Performer_UPDATES.job" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\browsemngr.xml" deleted 
"C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\BrowserProtect.xml" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\babylon.xml" not deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\askcom.xml" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\askcomsearch.xml" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\searchplugins\askcomsearch.xml" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\bprotector_extensions.sqlite" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\bprotector_prefs.js" deleted "C:\Users\[user1]\AppData\Roaming\Mozilla\Firefox\Profiles\6y8ugz3q.default\bprotector_extensions.sqlite" deleted "C:\Users\[user1]\AppData\Roaming\Mozilla\Firefox\Profiles\6y8ugz3q.default\bprotector_prefs.js" deleted "C:\Users\[user2]\AppData\Roaming\BabMaint.exe" deleted "C:\Users\[user2]\AppData\Roaming\TMInc\game.cfg" deleted "C:\Users\[user2]\AppData\Roaming\TMInc\user1.sav" deleted "C:\Program Files (x86)\PC Performer\isxdl.dll" deleted "C:\Program Files (x86)\PC Performer\PCPerformer.dll" deleted "C:\Program Files (x86)\PC Performer\PCPerformer.exe" deleted "C:\Program Files (x86)\PC Performer\xmllite.dll" deleted "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted 
"C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted "C:\Users\[user2]\AppData\Roaming\TMInc" deleted "C:\Program Files (x86)\Delta" deleted "C:\Program Files (x86)\PC Performer" deleted "C:\Program Files (x86)\Optimizer Pro" deleted "C:\Program Files (x86)\Ask.com" deleted "C:\Users\[user2]\AppData\Roaming\SpeedAnalysis2" 
deleted "C:\Users\[user2]\AppData\Roaming\BabSolution" deleted "C:\Users\[user2]\AppData\Roaming\Babylon" deleted "C:\Users\[user2]\AppData\Roaming\File Scout" deleted "C:\Users\[user2]\AppData\Roaming\Delta" deleted "C:\Users\[user2]\AppData\Roaming\YoudaGames" deleted "C:\Users\[user2]\AppData\Roaming\PerformerSoft" deleted "C:\Users\[user2]\AppData\Roaming\Optimizer Pro" deleted "C:\ProgramData\BrowserProtect" not deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\boost_interprocess" deleted "C:\ProgramData\Babylon" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer" deleted "C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted "C:\Users\[user2]\AppData\LocalLow\AskToolbar" deleted "C:\Users\[user2]\AppData\LocalLow\Delta" deleted "C:\Windows\SysWow64\searchplugins" deleted "C:\Windows\SysWow64\Extensions" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\staged" deleted "C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\ffxtlbr@delta.com" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\toolbar@ask.com" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\speedanalysis02@SpeedAnalysis.com" deleted "C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\extensions\toolbar@ask.com" deleted "C:\Program Files (x86)\Ask.com\Updater" deleted "C:\ProgramData\BrowserProtect\2.6.1249.132" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted 
"C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\JUTTAB~1\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== 2013-05-15 23:17:13 49834B94A8E8383B700EDDEF46C2AE6A 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-05-15 23:17:13 28AEB03752D716BF149DBC93A9ACC17E 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-05-15 23:17:12 DFDBC397D0DDBD1AFA3CB400D4C003A9 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-05-15 23:17:12 5915AA67DECA289F7B4AFB686CDB09E9 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 23:17:12 3CC9825BFFE7B7429C8B79B0395ACDA8 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-05-15 23:17:12 366D8EA2ADCBA228C9487BC6D2427DDC 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-05-15 23:17:11 F59A16A9418044C1D505C53DA370B099 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-05-15 23:17:11 52AA8A8DA4175580F365D275EB53DBE3 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-05-15 23:17:10 C9A062F32FF600C96795B43CD9A53151 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-05-15 23:17:10 65C95886E1B17001ADDF163AC18C5525 1130496 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-05-15 23:17:10 0142341520F0A0F2B0E312335B96705B 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-05-15 23:17:09 5ABB3F36AF17007F33FA275E96A2C95E 1767424 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-05-15 23:17:09 03180AFD271BFD88813F428421BC4A1A 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-05-15 23:17:08 7A468BC721C1D34E60389D3F2F87BBEA 14323712 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-05-15 23:17:05 D5E5A86F49ACC11768D8339094C3AFD8 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-05-15 15:11:14 E904178851A6A44BFA97E064EF779E9D 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll 2013-05-15 15:11:14 565D78187494FB5F08B5A52DEB2AEA7A 12872704 ----a-w- 
C:\Windows\SysWOW64\shell32.dll 2013-05-15 15:11:14 1F05F5A16881CD928C82D53CEFCF4477 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-05-15 23:17:13 9B2BB51ED6D28860A48CFF46FD6D3DC1 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-05-15 23:17:12 FE6CB2001A8C2A85B617CD3FC85D8242 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-05-15 23:17:12 97588F2871E1FE8E3EB57B17B98DF03B 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-05-15 23:17:12 42758AF68D3C4912C8D8A18088AD2555 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-05-15 23:17:12 168602AB16D30D5D6E091CA609FC7E75 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-05-15 23:17:11 EC6E8273B6CB79CA5B7B00CA82D1FCEE 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-05-15 23:17:11 A197763AA7487807279AB61CD6835CEF 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-05-15 23:17:11 9D6B9124B582F0FBF275B434CE5A672C 2647552 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-05-15 23:17:11 7DAA72F6C30D81EE31EC2BDC90054326 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-05-15 23:17:10 E34F0440799F9A0F9DC4265F4ADA75C1 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-05-15 23:17:10 772EC073332D1BA2DBEC32C6D063811A 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-05-15 23:17:10 2C96C695B6015042AC867EA419A45C20 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-05-15 23:17:09 27A9000C534AA9BADC9EE74940F50C6D 2242048 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-05-15 23:17:09 254502230F2259D255D4149C235173B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-05-15 23:17:06 C56EF4C50A1FEED0CC9B7AE068CBBBBB 19231232 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-05-15 23:17:06 7F4F74880E0B586EB7A9E225C34B1296 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-05-15 15:11:21 943F527DF79E6B400104341AA7023C75 144384 ----a-w- C:\Windows\Sysnative\cdd.dll 2013-05-15 15:11:20 
A11523523B31086DD760C0189C763359 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys 2013-05-15 15:11:19 FE90B750AB808FB9DD8FBB428B5FF83B 230400 ----a-w- C:\Windows\Sysnative\wwansvc.dll 2013-05-15 15:11:19 30B1489F2DCD8DC1AB6BB60CA6093615 48640 ----a-w- C:\Windows\Sysnative\wwanprotdim.dll 2013-05-15 15:11:14 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\Sysnative\consent.exe 2013-05-15 15:11:14 9D2A2369AB4B08A4905FE72DB104498F 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll 2013-05-15 15:11:14 3EF480BFED1B5947A32585E30A58D4ED 1930752 ----a-w- C:\Windows\Sysnative\authui.dll 2013-05-15 15:11:14 22A0AE97360C1B146FDD9AA55AC0E989 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll 2013-05-15 15:11:14 1BFC94665BCA35F9001ADC7BFB167C63 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll ====== C:\Windows\Sysnative\drivers ===== 2013-05-25 12:25:53 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_dc3d_01011.Wdf 2013-05-20 13:41:38 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2013-05-15 15:11:22 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2013-05-15 15:11:22 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys 2013-05-06 09:28:18 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\Program Files (x86) ===== 2013-05-20 18:26:14 -------- d-----w- C:\Program Files (x86)\Secure Banking 2013-05-15 13:57:37 -------- d-----w- C:\Program Files (x86)\Diamantris 2 2013-05-15 12:15:48 -------- d-----w- C:\Program Files (x86)\astragon 2013-04-30 14:35:49 -------- d-----w- C:\Program Files (x86)\Driver Restore ======= ===== ====== C:\Users\[user2]\AppData\Roaming ====== 2013-05-16 12:52:42 -------- d-----w- C:\users\[user2]\AppData\Roaming\Gaijin Ent 2013-05-16 10:26:12 -------- 
d-----w- C:\users\[user2]\AppData\Local\STARGAZE_IMAGE_CACHE 2013-05-15 15:02:58 -------- d-----w- C:\users\[user2]\AppData\Roaming\SprillBermudeEng 2013-05-14 15:52:39 -------- d-----w- C:\users\[user2]\AppData\Roaming\CaribbeanJewel 2013-05-06 17:57:31 -------- d-----w- C:\users\[user2]\AppData\Locallow\Unity 2013-04-30 14:36:39 -------- d-----w- C:\users\[user2]\AppData\Local\PC_Drivers_Headquarters 2013-04-30 14:36:32 -------- d-----w- C:\users\[user2]\AppData\Roaming\PCCUStubInstaller 2013-04-27 10:23:49 -------- d-----w- C:\users\[user2]\AppData\Roaming\T1 Games ====== C:\Users\[user2] ====== 2013-05-20 18:56:54 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\[user2]\defogger_reenable 2013-05-20 18:26:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking 2013-05-15 13:57:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamantris 2 2013-05-15 12:15:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match 3 - Diamantris 2013-04-30 14:36:41 -------- d-----w- C:\ProgramData\UAB 2013-04-30 14:36:32 -------- d-----w- C:\ProgramData\Driver Restore 2013-04-30 14:35:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Restore ====== C: exe-files == 2013-05-25 12:25:10 6920E11DF3F82C258433EB0B221B47DF 947752 ----a-w- C:\Program Files (x86)\MyPC Backup\~updates\Updater.exe 2013-05-25 12:25:09 8DD60064C3DE294624F44A3D4150ACB3 15360 ----a-w- C:\Program Files (x86)\MyPC Backup\~updates\UnRegisterExtensions.exe 2013-05-25 12:25:04 EA0F3D2073EBDEAB795725703030C165 2009128 ----a-w- C:\Program Files (x86)\MyPC Backup\~updates\Signup Wizard.exe 2013-05-25 12:24:59 59EE7BE8CE1C58A09BF15192FCDC1860 13864 ----a-w- C:\Program Files (x86)\MyPC Backup\~updates\Service Start.exe 2013-05-25 12:24:58 0BC034B66E1366C47BF9225AAF99FEEF 1934376 ----a-w- C:\Program Files (x86)\MyPC Backup\~updates\MyPC Backup.exe 2013-05-25 12:24:42 75F59E6C8806719CBB67D3E73F376CA8 32808 
----a-w- C:\Program Files (x86)\MyPC Backup\~updates\BackupStack.exe 2013-05-20 20:05:14 5C8CCBA6B46E97D32DF9F2B7C947027C 717322 ----a-w- C:\Program Files (x86)\Secure Banking\unins000.exe 2013-05-20 18:26:14 429FF5CE5B8695F1BF42CBF5FCB33895 32768 ----a-w- C:\Program Files (x86)\Secure Banking\updater.exe 2013-05-20 18:26:14 22459522D1A10036C3384096E7B529C3 372736 ----a-w- C:\Program Files (x86)\Secure Banking\SecureBanking.exe 2013-05-20 18:26:14 11A4595E98B822A03FCAD7100AEA2F88 2560 ----a-w- C:\Program Files (x86)\Secure Banking\sbservice.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe" "Driver Restore"="C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false" "SecureBanking"="C:\Program Files (x86)\Secure Banking\SecureBanking.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "BATINDICATOR"="C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" 
"LaunchHPOSIAPP"="C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe" "Driver Restore"="C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false" "SecureBanking"="C:\Program Files (x86)\Secure Banking\SecureBanking.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" ==== Startup Folders ====================== 2013-04-23 18:45:32 1064 ----a-w- C:\users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk 2011-09-17 10:47:03 1260 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk 2013-04-21 15:51:10 2013 ----a-w- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 2011-08-16 21:56:14 2029 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 22:44] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17.09.2011 11:41] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17.09.2011 11:41] C:\Windows\tasks\HPCeeScheduleFor[user2].job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [05.01.2010 12:53] ==== Firefox Extensions ====================== ProfilePath: C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default - WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de - WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi ProfilePath: C:\Users\[user1]\AppData\Roaming\Mozilla\Firefox\Profiles\6y8ugz3q.default - WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default 7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dgjkhjdcljddbedokogakmmdjgnbeanf - C:\Users\[user2]\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx[] eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\[user2]\AppData\Roaming\BabSolution\CR\Delta.crx[] Speed Analysis 2 - [user2] - Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf Delta Toolbar - [user2] - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Google Docs - [user1] - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - [user1] - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - [user1] - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - [user1] - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - [user1] - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\[user2]\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf deleted successfully C:\Users\[user2]\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www1.delta-search.com/?affID=119649&babsrc=HP_ss&mntrId=A6776C626D761FD1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search 
Url="hxxp://www1.delta-search.com/?q={searchTerms}&affID=119649&babsrc=SP_ss&mntrId=A6776C626D761FD1" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {B889F3FF-D1DC-4B7A-BF65-032AC8FC7A2B} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully 
HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B889F3FF-D1DC-4B7A-BF65-032AC8FC7A2B} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B889F3FF-D1DC-4B7A-BF65-032AC8FC7A2B} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully ==== Deleting 
Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\[user2]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\[user2]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\[user2]\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\[user2]\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\[user1]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\[user1]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\[user1]\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\[user2]\AppData\Local\Mozilla\Firefox\Profiles\g8vnyeqf.default\Cache emptied successfully C:\users\[user1]\AppData\Local\Mozilla\Firefox\Profiles\6y8ugz3q.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\[user2]\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\users\[user1]\AppData\Local\Google\Chrome\User 
Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully |
25.05.2013, 19:20 | #4 |
/// Malwareteam / Visitor | PC Performer (Log-Files) Next step
|
26.05.2013, 11:00 | #5 |
| PC Performer (Log-Files) A small note: On Windows 7 I can NOT start zoek.exe as administrator. Then only the loading symbol (the spinning arrow) appears, and after a short while nothing happens anymore. With a normal double-click it works, though. zoek-results.log: Code:
Zoek.exe Version 4.0.0.2 Updated 22-May-2013
Tool run by [user2] on 26.05.2013 at 11:49:44,55.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
No Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3930111990-3464362033-339816197-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"=-

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not found
"C:\ProgramData\BrowserProtect" not found
"C:\users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk" deleted
"C:\Users\Public\Desktop\sample__1434.zip" deleted
"C:\Program Files (x86)\MyPC Backup\AWSSDK.dll" deleted
"C:\Program Files (x86)\MyPC Backup\BackupStack.exe" deleted
"C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" deleted
"C:\Program Files (x86)\MyPC Backup\Shared Stack.dll" deleted
"C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db" not deleted
"C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll" deleted
"C:\Program Files (x86)\MyPC Backup" not deleted
"C:\Program Files (x86)\MyPC Backup\Database" not deleted
"C:\Program Files (x86)\MyPC Backup\x64" not deleted

==== Reset Google Chrome ======================

C:\users\[user2]\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\[user1]\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\users\[user2]\AppData\Local\Google\Chrome\User Data\Default\web data was reset successfully
C:\users\[user1]\AppData\Local\Google\Chrome\User Data\Default\web data was reset successfully
|
26.05.2013, 16:35 | #6 |
/// Malwareteam / Visitor | PC Performer (Log-Files) I'm glad that the step with Zoek apparently was successful after all. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download AdwCleaner to your desktop.
|
26.05.2013, 18:58 | #7 |
| PC Performer (Log-Files) Hey smeenk, looks pretty good now, doesn't it? Malwarebytes Anti-Rootkit: "Scan Finished: No malware found!" Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
[user1] :: [user2] [administrator]

26.05.2013 19:16:44
mbar-log-2013-05-26 (19-16-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 280109
Time elapsed: 21 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 26/05/2013 um 19:41:11 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : [user1] - [user2] # Bootmodus : Normal # Ausgeführt unter : C:\Users\[user1]\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\[user1]\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data Datei Gelöscht : C:\Users\[user1]\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Ordner Gelöscht : C:\Program Files (x86)\Speed Analysis 2 Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller Ordner Gelöscht : C:\ProgramData\iWin Ordner Gelöscht : C:\Users\[user2]\AppData\Roaming\iWin Ordner Gelöscht : C:\Users\[user1]\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\[user1]\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DBB6CE-3148-4FEC-B481-103CB3290427} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DBB6CE-3148-4FEC-B481-103CB3290427} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\PerformerSoft Schlüssel Gelöscht : HKCU\Software\a0d9deb13eb849 Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\Software\PerformerSoft Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a0d9deb13eb849 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{18DBB6CE-3148-4FEC-B481-103CB3290427} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DBB6CE-3148-4FEC-B481-103CB3290427} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 2 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel 
Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Users\[user1]\AppData\Roaming\Mozilla\Firefox\Profiles\6y8ugz3q.default\prefs.js C:\Users\[user1]\AppData\Roaming\Mozilla\Firefox\Profiles\6y8ugz3q.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. Datei : C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\prefs.js C:\Users\[user2]\AppData\Roaming\Mozilla\Firefox\Profiles\g8vnyeqf.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [15009 octets] - [26/05/2013 19:41:11] ########## EOF - C:\AdwCleaner[S1].txt - [15070 octets] ########## |
26.05.2013, 19:27 | #8 |
/// Malwareteam / Visitor | PC Performer (Log-Files) That certainly looks good. Please download SecurityCheck and:
|
26.05.2013, 20:23 | #9 |
| PC Performer (Log-Files) SecurityCheck: Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Haunted Past Realm of Ghosts Collector's Edition
Haunted Past: Realm of Ghosts
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 22.0.1229.95
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
26.05.2013, 21:08 | #10 |
/// Malwareteam / Visitor | PC Performer (Log-Files) Supposedly, Adobe Reader is not the most current version. Otherwise everything looks really good. We will now tidy up a little, and then at the end I have some reading material for you. Uninstalling the tools: the order is crucial here.
Finally, some tips on the following topics:
Reading material: System updates. It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage regularly for inspection. So please make sure that system updates are enabled:
Reading material: Software updates. Just as important as the system programs is the software that you use every day. The following list gives you a short overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Reading material: Security software. If someone overtook you on the motorway riding a motorcycle naked, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial anti-virus solutions there are also quite good protection programs that are available free of charge with a reduced feature set. But careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market here that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plug-in that warns you about dangerous websites.
Reading material: Safe surfing. First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you also immediately buy any old stuff, without thinking, from people who ring your doorbell? So first get into the habit of following a few rules of conduct when surfing the Internet:
But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that secures your browser even further.
Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. Basically, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? Regards, Smeenk |
27.05.2013, 09:09 | #11 |
| PC Performer (Log-Files) Hey smeenk, thank you very, very much for your help! Brilliant, how much work you all do here every day! |
27.05.2013, 09:55 | #12 |
/// Malwareteam / Visitor | PC Performer (Log-Files) Glad that we could help. Regards, Smeenk |